Last updated on January 15, 2019
Within the framework of its activities, ADF (Association dentaire française – French Dental Association) may collect and process some personal data within the framework of the General Data Protection Regulation of the European Parliament and of the Council No. 2016/679 of 27 April 2016 (hereinafter “GDPR”) and the French Data Protection Act No. 78/17 of 6 January 1978 as amended by Act No. 2018/493 of 20 June 2018 (hereinafter the “Data Protection Act”).
The present confidentiality charter has been drawn up to enable persons who interact with ADF (hereinafter “You”, “Your” or “Yours”) to understand what data is collected by ADF, for what purpose, and what their rights are in this regard.
1. Who is responsible for data processing?
2. When is personal data collected and processed by ADF?
ADF may collect and process personal data under GDPR and the French Data Protection Act in several cases:
- When organizing and running its annual congress (processing registrations and invitations, scheduling speakers, managing exhibitors’ requests for stands);
- As part of its business and activities, in particular when organizing meetings of members (including practitioners’ personal data collected from professional directories);
- When you buy publications or online training on ADF Websites;
- When you visit ADF Websites, independently of the purchase of publications or training;
- When ADF enters into a contract with a service provider, ADF may collect some personal data about the service provider or its representative.
3. What personal data is collected and processed by ADF?
ADF applies the principle of data minimization, meaning that it only collects and processes personal data that is strictly necessary to achieve its corporate purpose.
ADF does not trade in personal data. ADF collects and processes data only to carry out its associative activities, including its annual congress.
The following data is collected and processed by ADF:
- When You register to attend the ADF Annual Congress as a delegate, You provide information relating to Your identity (name, gender, date of birth, passport number), Your postal address, professional information (ADELI number, RPPS number, year of graduation, faculty of origin, academic title, mode of practice, specialty, SIRET number), means of contacting You (e-mail address, telephone number) as well as bank account details to allow for reimbursements as the case may be;
- When You register as a speaker/trainer at the ADF Annual Congress, You provide information concerning Your identity (title, name, date of birth), Your address, means of contacting You (e-mail address, telephone number), as well as bank account details for any reimbursement;
- When registering to participate in the ADF Annual Congress as an exhibitor, You provide Your identity (name), address, contact details (phone number, fax number, e-mail address) and bank details;
- In managing its business as an association, ADF keeps a register of its members and members of internal commissions: identity (name), address, and contact details (telephone number, fax number, e-mail address)
- ADF obtains personal data, related to your professional practice only, about you as a dental practitioner from trade directories;
- When you browse ADF Websites, personal data about You is collected and processed by ADF. This data is collected automatically: the IP (Internet Protocol) address of the computer terminal that You are using, the date and time of connection, the type of computer used, the operating system and the navigation software used, your screen resolution, and the name of your Internet access provider. We also keep track of the pages of the Websites You visited. We use this data to personalize your navigation on the Websites, to ensure proper connection, to evaluate the security of the system and to obtain use statistics. This data is collected by means of cookies, which are text files that are stored on the storage medium of your terminal.
4. On what legal basis is personal data collected and processed?
ADF does not collect or process personal data unlawfully. All personal data collected and processed by ADF comes under a duly identified legal basis:
– For the most part, the data We collect is necessary for the performance of a contract between You and Us, for example because You are attending the ADF Annual Congress as a delegate, speaker or exhibitor, or because You are a selected provider of services to ADF;
– Some of the data collected automatically is necessary for the legitimate purposes that We pursue, in particular our affairs as an association, it being specified that neither the collection nor the processing of this data is likely to infringe on Your interests or fundamental freedoms;
– The other personal data is collected and processed on the basis of Your consent. In this respect, We invite You to communicate to Us only strictly necessary information.
If so-called “sensitive” data is collected within the meaning of the GDPR and the French Data Protection Act, it only concerns Your membership in a professional association; this data collection, which is part of the legitimate activities of ADF, itself an emanation of trade organizations, is implemented with appropriate guarantees: the processing of this data relates exclusively to members or former members of ADF or to persons who have regular contact with ADF, in connection with its purposes. Such data is not communicated outside ADF without Your consent.
5. How do we use the data we collect?
ADF only uses the personal data collected in the cases described above for specific and legitimate aims, strictly related to its activities, in accordance with its corporate purposes:
- The data is primarily used for the proper execution of a contract and its consequences, such as Your contact information, to be used for the congress registration and confirmation, invoicing and/or payment of expenses, and, as the case may be, to issue certificates, or to process an order for training on ADF Websites;
- The data may be processed for the purpose of managing Our relationship with You, in particular the sending of electronic information messages or satisfaction surveys;
- This data may be used for ADF in-house purposes, for example to manage the invitation of ADF members to meetings or commissions, or to establish statistics on ADF Congress attendance;
- Finally, some information is used by ADF to administer its Webs We analyze it (directly or through third parties with whom We contract) in order to assess usage statistics (for example, to understand which pages are the most visited) and to improve the Websites by enhancing functions and features. This allows Us to improve our product (publications, training) or service offerings. We may also use the address of Your terminal in order to fight certain cases of fraud, including identity theft.
6. To whom is the data we collect disclosed?
The personal data we collect is primarily useful to ADF itself and intended for the relevant ADF departments (congress management, member management, ADF commission management, administration, IT, etc.).
This data may also be transmitted to certain recipients below, namely:
- Authorities: We may need to cooperate with the state, administrative or judicial authorities, in particular the supervisory authorities in charge of ensuring the execution of GDPR and the Data Protection Act, when required to do so. Therefore, We reserve the right to disclose any information collected within the framework of Our activities to the competent authorities when required, for example within the framework of an investigation resulting from a bank card theft.
7. How long does ADF keep Your personal data?
ADF keeps your personal data in an identifiable form for only as long as is necessary to fulfil its purposes:
- Data relating to the congress (in particular the list of participants or speakers) is kept for 3 years;
- Data relating to the members of the association’s bodies (including committees) is kept for 10 years;
- Data relating to transactions on ADF Websites is kept for 3 years;
- Data collected automatically during Your browsing session on the Websites is automatically deleted when You log out.
Other data, in particular statistics, are kept in an anonymized form that does not allow Your identification.
8. What are Your rights regarding Your personal data?
ADF respects the rights granted to You by GDPR and the French Data Protection Act.
You have the right to request access to Your personal data kept by ADF, as well as rectification or deletion of such data, or even the limitation of the processing of personal data concerning You, as well as the right to object to data processing.
However, in case of limitation or objection to processing, ADF may no longer be able to process your registration for the annual congress for example. In addition, if you exercise your right to object or your right to be forgotten, some information may still be retained by ADF in order to comply with its legal obligations.
You can also define directives relating to the conservation, deletion and communication of Your personal data after your death. In the absence of such instructions, Your personal data will be retained in accordance with the paragraphs above, unless Your heirs request earlier deletion.
To exercise these rights, You may send an e-mail to email@example.com
Furthermore, You are informed that You can oppose telephone canvassing by registering on the website www.bloctel.fr.
Finally, You have the right to lodge a complaint at any time with the competent supervisory authority for data protection. To do so, You can contact the competent supervisory authority for data protection in the region where You live or, in any case, the CNIL for France: www.cnil.fr
9. How is Your personal data protected?
In its capacity as data controller, ADF undertakes to implement and maintain, at its own expense, appropriate technical and organizational measures for the processing and security of personal data, in accordance with Articles 32 to 34 of GDPR and 70-13 of the French Data Protection Act.
ADF ensures that these technical and organizational measures are at all times adapted to the particular risks presented by its processing activities, with regard to the nature of the information that may be collected by it, in particular to protect Your personal data against destruction, loss, modification, unauthorized (accidental or unlawful) disclosure.
Thus, with respect to the technical measures implemented by ADF:
- All personal data is stored on servers located in France;
- All information concerning the banking transaction is encrypted during transmission via an SSL connection from source to target. Bank card data is not collected or stored by ADF;
Regarding organizational measures:
- Only a limited number of ADF staff members are authorized to have access to personal data concerning You;
- Access to data is protected by usernames and passwords;
- The servers used are controlled by security groups.
ADF also undertakes to keep, update and maintain complete and accurate records of the personal data processing it carries out. These records cover its processing activities.
10. Are there international data transfers?
Your personal data is stored on servers located in France. No international transfer of personal data is authorized.
11. Do you have additional questions?
If you have any further questions about how ADF collects and processes your personal data, please contact Us at the following address: firstname.lastname@example.org